Posted by: David Harley | March 21, 2017

More Warnings to Mac Users

You go for years thinking that hardly anyone is interested in reminding Mac users that they can be caught out by malware too, and then you get three articles at once beating the same drum, or at any rate to much the same rhythm. Yesterday, as I remarked in an earlier blog, there was a very nice article by Thomas Reed for Malwarebytes:  Mac Security Facts and Fallacies.

And today, along come a couple more. One is from the Cylance Threat Guidance Team (Threat Spotlight: Mac Malware): since it mentions me, I should say that while I’m fundamentally in agreement with the article, I have to clarify that though I was drafted into the WildList Organization to implement a Mac WildList, it didn’t (for various reasons) get beyond the planning stage. Anyway, the article seems to throw a little more light on the threat ESET calls OSX/Filecoder.E, as discussed in a blog by Marc-Etienne M.Léveillé from 22nd February  –  New crypto-ransomware hits macOS. There are some other links to information about OSX/Filecoder.E on this site: OSX/Filecoder.E Ransomware Recovery.

The other is by Bill Brenner for Sophos: Your Mac is not malware-proof: a look at the threats and defenses. Sophos believes that there is other macOS-targeting malware incoming, including ransomware.  Sophos researchers Xinran Wu is quoted as saying that ‘MacOS tends to be more a victim of nuisance programs known as potentially unwanted applications (PUA) – adware, for example.’ (Thomas Reed made much the same point in his article for Malwarebytes.) And I agree with him that apart from PUAs, the unequivocal malware that we’ve seen for OS X/macOS has tended to be targeted. However, the way it’s expressed in that article seems to imply that malware is either targeted or drive-by. And, of course, drive-by downloads are a considerable problem, but they’re not the only problem – there’s plenty of other malware (I’m talking malware in general, not Mac-specific stuff) that uses other vectors and doesn’t rely on vulnerabilities in applications. Still, there are plenty of useful links in the article.

David Harley

Posted by: David Harley | March 20, 2017

Macs, Facts and Fallacies

If you’ve followed my Mac-related writing over the past couple of decades – how are you both? – you’ll know that a lot of that writing has been about mistaken claims that Macs offer more security than they really do. A view that has earned me more abuse (from the fanboi faction, at any rate) than admiration, but nearly 30 years spent in and around  the anti-malware industry have helped me grow a pretty thick skin.

All that aside, it’s quite nice to see someone else expressing similar views occasionally: in this case, Thomas Reed, who has been writing interesting and useful articles on Mac security for a long time, recently on behalf of Malwarebytes. I have to agree with Forbes that his article Mac Security Facts and Fallacies is a “useful and informative blog post that provides a balanced view of the strengths and weaknesses of security on the Mac.”

David Harley

Posted by: David Harley | March 13, 2017

Checkpoint on pre-installed Android malware

Oren Koriat, Check Point Mobile Research Team: Preinstalled Malware Targeting Mobile Users. Malware discovered includes Slocker ransomware.

– DH

Posted by: David Harley | March 3, 2017

Eugene Kaspersky on macOS, IoT…

…and various other acronyms and ‘issues.

Kieren McCarthy, for The Register, summarizes the keynote at the Mobile World Congress by ‘security showman Eugene Kaspersky’: Apple’s macOS is the safer choice – but not for the reason you think – Eugene Kaspersky looks forward to a new darker dawn.

According to McCarthy, Kaspersky claimed that the comparatively sparse malware targeting macOS is ‘more a case of difficulty in hacker recruitment than evidence of stronger inherent security.’

David Harley

Posted by: David Harley | March 1, 2017

AV-Comparatives Android Test

This looks like a reasonably comprehensive and informative test of Android security products. The test, from AV-Comparatives, used ‘the top 1,000 most common Android malware threats of 2016’.

Android Security Test 2017 – 100+ Apps tested

Lots of mainstream products scored 100% (as they should in a test like this), and others scored near to that. So this isn’t going to tell you which of those products you should be using. (Which is fine by me: I’m not sure that the ‘editors pick’ snapshot choice between several products that are approximately level  in performance, though beloved of magazine reviews, is generally very helpful.) What it does show is a lot of products whose scores seem to be unacceptably low.

David Harley

Posted by: David Harley | March 1, 2017

OSX/Filecoder.E Ransomware Recovery

[Also posted at AVIEN: Patcher/Filezip/Filecoder – data recovery and naming. Slightly edited here.]

Because of time issues, I added the malware ESET calls OSX/Filecoder.E to the Specific Ransomware Families and Types page at AVIEN but didn’t give it an article of its own there. Since there is important news (to potential victims) from Sophos and Malwarebytes, I’m repairing that omission there and also at MacVirus.

Note that both Reed and Cluley sometimes refer to the malware as FileCoder. This is potentially misleading: while ESET, which first uncovered the thing, detects it as OSX/Filecoder.E, the term ‘Filecoder’ is used generically by the company to denote crypto-ransomware, so you/we need to use the full name ‘OSX/Filecoder.E’ to distinguish it from other, unrelated ransomware families.

David Harley

Posted by: David Harley | February 22, 2017

macOS and Android malware news

Both stories from ESET:

David Harley

Posted by: David Harley | February 15, 2017

Sophos on macOS ransomware

Article here: RSA 2017: Deconstructing macOS ransomware

Posted by: David Harley | February 15, 2017

Xagent, APT28 and macOS

BitDefender analysis: New Xagent Mac Malware Linked with the APT28

Commentary by John Leyden for The Register: Kremlin-linked hackers believed to be behind Mac spyware Xagent – iPhone backups can be slurped for Mother Russia, say researchers

More about APT28 from BitDefender.

David Harley

Posted by: David Harley | February 10, 2017

Recent Mac Malware

John Leyden for the Register: Macs don’t get viruses? Hahaha, ha… seriously though, that Word doc could be malware – Files spotted using Python code to infect Apple machines.

Largely focused on Patrick Wardle’s analysis: New Attack, Old Tricks › analyzing a malicious document with a mac-specific payload.

Also touches on MacDownloader, which seems to impersonate both an installer and an anti-malware tool: IKITTENS: IRANIAN ACTOR RESURFACES WITH MALWARE FOR MAC (MACDOWNLOADER)

Dan Goodin for Ars Technica: Mac malware is still crude, but it’s slowly catching up to its Windows rivals – A tale of two attacks that both target MacOS users.

George V. Hulme: New Mac malware on the loose: What you need to know

No, malicious macros haven’t entirely gone away… In fact, this is almost (in a superficial sort of way) where I came in, 20 years ago: Macs and Macros – the State of the Macintosh Nation (my first Virus Bulletin paper).

David Harley

Older Posts »

Categories